package com.demo.function.filter.filter;

import jakarta.servlet.http.HttpServletRequest;

import java.io.IOException;
import java.util.regex.Pattern;

public class SqlInjectRequestWrapper extends AbstractRequestWrapper {

    private static String badStrReg = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    //整体都忽略大小写
    private static Pattern sqlPattern = Pattern.compile(badStrReg, Pattern.CASE_INSENSITIVE);

    /**
     * Constructs a request object wrapping the given request.
     *
     * @param request The request to wrap
     * @throws IllegalArgumentException if the request is null
     */
    public SqlInjectRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
    }

    @Override
    protected boolean validateKeyWords(String value) {
        return sqlPattern.matcher(value).find();
    }

    @Override
    protected String getErrorMsg(String value) {
        return String.format("参数：%s，包含sql关键字", value);
    }
}
